Search for answers or browse our knowledge base.
Epicor IDC Login Error – “Security Token is Missing” After Upgrade
🔐 Epicor IDC Login Error – “Security Token is Missing” After Upgrade
🧩 Issue Description
After upgrading the Epicor IDC software, users may encounter the following error when attempting to log in via their browser:
❗ “The form cannot be submitted because a security token is missing. This may be a result of deleted cookies. Please enable cookies in your browser settings.”
📸 Screenshot of the Error:
Error thrown in Account Login
This issue prevents all users from logging into the Epicor IDC interface. The error is tied to SSL enforcement in the IDC web application’s configuration file.
🛠️ Resolution Steps
Follow the steps below to resolve the Security Token Missing login error in Epicor IDC after an upgrade.
✅ Step 1: Backup the web.config File
- Navigate to:
C:\Program Files (x86)\Epicor IDC\Epicor IDC Web\ - Locate the
web.configfile. - Make a backup of this file before making changes (copy and paste it somewhere safe).
🛠️ Step 2: Modify the SSL Cookie Requirement
- Open the original
web.configfile in a text editor (e.g., Notepad++ or VS Code). - Locate the line: <httpCookies requireSSL=”true” />
- Change it to: <httpCookies requireSSL=”false” />
- Confirm that the modified block now looks similar to this:
<system.web>
<sessionState mode="InProc" timeout="10000"></sessionState>
<authentication mode="None" />
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime maxRequestLength="1048576" targetFramework="4.5.2" executionTimeout="3600" />
<customErrors mode="On" defaultRedirect="~/Error/Error" />
<globalization culture="" uiCulture="" />
<httpCookies requireSSL="false" />
</system.web>🔄 Step 3: Restart IIS
- Open Command Prompt as Administrator.
- Run the following command:
iisreset
🌐 Step 4: Clear Browser Cache & Retest Login
- Close all browser windows (simply refreshing the page will not work).
- Reopen the browser and navigate back to the IDC login page.
- Attempt to log in again.
✅ Result
After completing the steps and restarting IIS, users should be able to successfully log into Epicor IDC without encountering the “Security Token Missing” error.
🧠 Root Cause
This issue was caused by the requireSSL="true" setting in web.config which enforces secure cookies. After upgrading, if IDC is accessed over HTTP rather than HTTPS, the browser drops the session cookie, causing the security token validation to fail. Changing it to false resolves the issue when HTTPS is not being used.
🧩 Additional Notes
- Make sure this setting is re-evaluated if you plan to implement HTTPS/SSL in production in the future.
- Always backup configuration files before making changes.
- If users still experience issues, clear cookies or try a different browser.
💬 Need Help?
For additional assistance, questions, or help resolving this issue, please contact Mosaic Corp. Support at:
📧 support@mosaiccorp.com
